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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 20 September 2007 . 
2a)n This action is FINAL. 2b)IEl This action is non-final. 

3) 0 Since this application is in condition for allowance except forformal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-14 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) I^U is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) IEI The drawing(s) filed on 09 June 2004 is/are: a)[EI accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Remarks 

1 . In response to the Appeal Brief filed on 20-September-2007, an Appeal Conference was held 
on Wednesday, 28-November-2007, during which the conferees recommended the re- 
opening of prosecution via a new grounds of rejection. This Office Action is therefore made 
Non-Final. 

2. In view of the Appeal Brief filed on 20-September-2007, PROSECUTION IS HEREBY 
REOPENED. New grounds of rejection are set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1 .1 1 1 (if this Office action is non-final) or a reply under 37 
CFR 1.1 13 (if this Office action is final); or, 

(2) request reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied by a 
supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 
1.132) or other evidence are permitted. See 37 CFR 1.193(b)(2).\ 

3. Claims 1-14 are presently pending in the application, of which, claims 1 and 9 are presented 
in independent form. 
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Claim Rejections - 35 U.S.C. § 112 - Withdrawn 

4. Per the Advisory Action issued by the Examiner on 1 5-February-2007, the previous 
rejections made under 35 U.S.C. 112, second paragraph are overcome and the rejection is 
therefore, withdrawn. 

Claim Rejections - 35 U.S.C. § 101 - Withdrawn 

5. Applicant's arguments presented in the Appeal Brief regarding the rejection under 35 U.S.C. 
101 have been fully considered and are deemed persuasive. The rejection is therefore, 
withdrawn. 



Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



7. Claims 1-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gudbiartsson et 
ah (U.S. Publication No. 2001/0027519 Al; hereinafter, Gudbiartsson) in view of Bates et 
ah (U.S. Publication No. 2001/0044843 Al; hereinafter, Bates .) 



Application/Control Number: 09/675,399 Page 4 

Art Unit: 2165 

As to claim 1, Gudbiartsson teaches an automated (see Abstract and see paragraph 3) 
authentication handling system (see paragraphs 8, 10, and 31) for use by cHents (see 
paragraphs 29 and 31) on a network (see paragraphs 29, 31 and 34) comprising: 

an authentication server (see paragraph 31, where "authentication server" is read on 
"system server 101 authenticates the user") operable to establish a two-way (see paragraphs 
8, 29 and 30) trusted communication link (see "secure environment" in paragraphs 7 and 9; 
and see paragraphs 29 and 30, where "trusted" is the security provided by the Tirewall 202') 
with an authenticated user (see paragraphs 29, 31, 34, and 48.) 

Gudbiartsson does not teach access for the authenticated user to a list of application 
servers associated with a client identifier. 

Bates teaches a multi-user computer system (see Abstract), in which he teaches access 
for the authenticated user to a list of application servers associated with a client identifier 
(see paragraph 47, where it is taught: "this data may be provided as an individual list of 
particular servers authorized for each user", and see paragraph 53, where it is taught: "upon 
authentication of the user's identity and password, the helper PC accesses the database to 
obtain the list of servers authorized for access by that user." In this paragraph, "a list of 
application servers associated with a cHent idenfifier" is read on "list of servers authorized 
for access by the user", as determined by authenticating the user via user's "identity and 
password", which is read on the "client identifier." 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Gudbiartsson by the teaching of Bates , 
because including a link for access by an authenticated user to a list of applicafion servers. 



Application/Control Number: 09/675,399 Page 5 

Art Unit: 2165 

would enable the system to provide secure means for authenticated clients to access desired 
web sites hosted by various servers throughout a network. For example, the system can 
provide a directory of partner service servers to the users. As taught by Bates in paragraph 
54, "once the user has input a nmning list of servers, the user inputs a command to the helper 
PC to implement the connection." 

As to claim 2, Gudbiartsson as modified teaches wherein the authentication server (see 
Gudbjartsson . paragraph 31, where "authentication server" is read on "system server 101 
authenticates the user") includes: 

an identification engine configured to maintain collections of session assignments, each 
of the session assignment collections being associated with the client identifier (see 
Gudbiartsson . paragraphs 6-8, where "session assignment is read on "security zones or 
domains".) 

As to claim 3, Gudbiartsson as modified teaches wherein said identification engine is 
operable to receive client identifiers from said clients (see Gudbiartsson . paragraph 56) to 
establish authenticated users (see Gudbiartsson , paragraph 37) and responsive thereto to 
provide a user interface to access said application servers according to said associated session 
assignments (see Gudbiartsson . paragraph 29. Also see Bates , paragraph 53, where he 
teaches, "upon authentication of the user's identity and password, the helper PC accesses the 
database to obtain the Hst of servers authorized for access by that user.") 
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As to claims 4 and 5, Gudbiartsson as modified teaches wherein the authentication 
server (see Gudbiartsson , paragraph 31, where "authentication server" is read on "system 
server 101 authenticates the user") includes: 

a communication initiator engine (see Gudbiartsson , paragraph 39) configured to 
establish the trusted communication link between the authenticated users and an application 
server (see Gudbiartsson , "secure environment" in paragraphs 7 and 9; and see paragraphs 
29 and 30, where "trusted" is the security provided by the 'firewall 202'.) 

As to claim 6, Gudbiartsson as modified sfill does not teach wherein the session 
assignments include data fields selected fi-om the group consisting of session timeout and 
application access level. 

Bates , on the other hand, teaches wherein the session assignments include data fields 
selected fi-om the group consisting of session timeout (see "timed slots" in paragraphs 16 and 
28) and application access level (see "level of access" in paragraph 60.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Gudbiartsson as modified, by the further 
teaching of Bates , because doing so would enable the system to control assignment of 
sessions based on predefined time periods or based on the level of a user's access. Doing so 
would, as taught by Bates , "preclude a user from gaining unauthorized access by use of 
action commands" (see paragraph 60.) 
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As to claim 7, Gudbjartsson as modified teaches wherein the client identifier includes a 
user id (see Gudbjartsson . paragraph 35, where "user id" is read on "usemame") and 
password (see Gudbjartsson . paragraphs 50-54. Also see Bates , paragraph 53, where "user 
identity and password" is taught.) 

As to claim 8, Gudbjartsson as modified teaches wherein the authentication server (see 
Gudbjartsson , paragraph 31, where "authentication server" is read on "system server 101 
authenticates the user") includes a processor under the control of software (see "central 
processing unit" in Gudbjartsson . paragraph 25) to: 

receive an authentication signal from the client (see Gudbjartsson . paragraph 56); 

provide an application access interface to the client in response to the authentication 
signal (see providing access to a list of servers upon authentication, in Bates , paragraph 53); 
and 

establish the trusted communication link between the client and an application server 
selected from the application access interface (see Gudbjartsson . "secure environment" in 
paragraphs 7 and 9; and see paragraphs 29 and 30, where "trusted" is the security provided 
by the 'firewall 202'.) 

As to claim 9, Gudbjartsson teaches a method for automatically authenticating a client 
(see paragraphs 10 and 31) comprising the steps of 

providing an authentication server (see paragraph 31, where "authentication server" is 
read on "system server 101 authenticates the user"); 
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identifying clients to access an application servers by the authentication server (see 
paragraphs 7 and 35); and 

establishing a two-way (see paragraphs 8, 29 and 30) trusted communication link (see 
"secure environment" in paragraphs 7 and 9; and see paragraphs 29 and 30, where "trusted" 
is the security provided by the 'firewall 202') with an authenticated client (see paragraphs 29, 
31, 34, and 48.) 

Gudbiartsson does not teach a plurality of application servers and access by an 
authenticated user to a plurality of application servers associated with a client identifier. 

For the above teaching, the applicant is directed to the remarks and discussions made in 
claim 1 above, in view of the teachings of Bates . 

As to claim 10, Gudbiartsson as modified teaches wherein the identifying step includes: 
providing session parameters for each of the identified clients for at least one of the 
application servers (see Gudbiartsson , paragraphs 6-8.) 

As to claim 11, Gudbiartsson as modified teaches wherein the identifying step includes: 
providing a user interface to the identified clients for accessing the application servers 
(see Gudbiartsson . paragraphs 35 and 50-54.) 



As to claim 12, Gudbiartsson as modified teaches wherein said establishing step 
includes: 
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using said session parameters (see Gudbjartsson . paragraphs 6-8) to establish said 
trusted communication link (see Gudbjartsson , "secure environment" in paragraphs 7 and 9; 
and see paragraphs 29 and 30, where "trusted" is the security provided by the 'firewall 202'.) 

As to claim 13, Gudbjartsson as modified teaches wherein the user interface includes a 
listing of application servers (see Bates , paragraphs 47, 53 and 54) and the establishing step 
is initiated following a selection of an application server by a user from the user interface 
(see Bates , paragraphs 49 and 55.) 

As to claim 14, Gudbjartsson as modified teaches the method further comprising a 
plurality of application servers (see Bates , paragraphs 47, 53 and 54) connected to the 
network (see Bates , paragraph 45), each requiring authentication for access (see 
Gudbjartsson , paragraphs 37 and 48, and see Bates , paragraphs 47 and 53.) 

Response to Arguments 

8. Applicant's arguments filed in the Appeal Brief filed on 20-September-2007 with respect to 
the rejected claims in view of the cited references have been fully considered but they are 
moot in view of the new grounds for rejection. 
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Conclusion 

9. Any inquiries concerning this communication or earlier communications from the examiner 
should be directed to Tony Mahmoudi whose telephone number is (571) 272-4078. The 
examiner can normally be reached on Mondays-Fridays from 08:00 am to 04:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor. Christian Chace, can be reached at (571) 272-4190. 



December 18, 2007 

/Tony Mahmoudi/ 

Tony Mahmoudi 

Primary Patent Examiner 
Art Unit 2165 
Tel. (571)272-4078 
Fax (571) 273-4078 
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